1it / ansible-role-users Goto Github PK

Hi,

Thanks for sharing this ansible role !
I have an issue, on skiping task with with_subelements loop
Espected Results :
Ansible should ignore the user from list , once the condition wasn't satisfied.

See below ansible config :

users: 
  - username: ''TOTO'
    uid: 1000               
    authorized: ['ssh-rsa DFSDKJFDFKLVJDFVKLJ']           
    state: 'present'
    addpukey:  true
  - username: 'TITI'
     uid: 1002
     state: present

The condition i have added is :

 when:
    - users is iterable 
    - item.0.addpukey is defined 

the error raised :

"msg": "could not find 'authorized' key in iterated item '

thanks for answers

Hi Ivan,

thanks for enabling issues on the repo and thanks for your blogpost covering this role.

While reading your role tasks I was wondering why it would not create all users as soon as do_run is set, and in fact testing confirmed this issue.

Test case is using this users list:

    users:
      - username: 'ansibletest'
        authorized:
          - "ssh-ed25519 AAAAC3NzaC1l123"
        name: 'System Administrator'
        target_hosts:
          - "ungrouped"
        state: 'present'
      - username: 'donotcreate'
        authorized:
          - "ssh-ed25519 AAA123"
        name: 'foo'
        target_hosts:
          - "bla"
        state: 'present'

If you run this against an ungrouped host, you would expect that it creates the user ansibletest but in fact both get created, because "Determine target hosts" sets do_run to True and do_run is a host-wide fact.

I'm also working on a solution for the problem by adding " - item.target_hosts in group_names" to the conditions of the task "Manage user accounts", but that does no longer support a list of target_hosts (it requires target_hosts to be just a string).

Looking forward to your input.

When the variable users_group_list variable is set to [], which is the default, a new empty group with the name "[]" is created on the target servers. The gid of this group is one above the latest normal group which is created by the role.

I am using the latest version of this role with ansible 2.10.8. My users are defined in the group_vars/all file in my inventory and look the following:

users:

• username: 'cs'
  name: 'My Name'
  comment: 'My Name'
  uid: '1010'
  gid: '1010'
  users_group_list: []
  authorized:

  • 'ecdsa-sha2-nistp521...'
    generate_key: false
    state: 'present'
    target_hosts:
  • all

• username: 'monitoring'
  name: 'Monitoring service account'
  uid: '2001'
  gid: '2001'
  users_group_list: []
  authorized: []
  generate_key: false
  state: 'present'
  target_hosts:

  • all

I've also tried it without the users_group_list: [] entry in the user definitions without success.

Have you any idea what causes the [] group entry on my systems?